Enable AAA fails on the second ACS server

I have 2 servers Windows 2003 4.2 ACS, who authenticate with AD. I have configured authentication GANYMEDE + both for my PIX 515 running version 7.24. GANYMEDE + authentication works fine on both. However, when I use the 'aaa authentication enable console LOCAL ProsperAdminAuth', the enable password only works with the first ACS server. When the first server is unavailable, it fails on the second ACS server and authentication failed on ACS "ACS invalid password" reports. It does not allow the LOCAL password. I checked all the password and there is no problem there. I know that for you, because GANYMEDE auth works. Someone at - he seen elsewhere issue or know what I might try?

Thank you

Vivek

Hello

Configuration of external database is not replicated between servers ACS so my guess here that is on your ACS secondary if you go to the external-> unknown user policy user databases, you will find that under configure enable password behavior you are on "internal data" instead of "The database which the user profile is required."

-Jesse

Tags: Cisco Security

Similar Questions

migrate from Windows 10 failure error oxc ox400d 1900 failed in the second phase of startup with the error during operation of data on my windows desktop 7

Windows 10 has failed 75% error oxc 1900-ox 400 d has failed in the second phase of startup with the error during the operation of the Migrate_data on my windows desktop 7 using media creation tool. Help please.

Turn off the computer.

Wait 10 minutes.

Start the computer.

The installation program automatically restores your previous version of Windows 10 or an earlier version of Windows.

Launch the prompt with administrator privileges.

Press the Windows key + X

Click prompt (Admin)

Type the following command:

Rundll32.exe pnpclean.dll, RunDLL_PnpClean /DRIVERS /MAXCLEAN

Press enter on your keyboard

Exit command prompt

Restart
- Turn off (preferably uninstall) your Antivirus utility before you perform the upgrade.
- Reboot several times and try again.
- Disable the general USB peripherals (for example - smart card reader).
- If you are using a SCSI drive, make sure you have the drivers available for your storage on a thumdrive device and it is connected. During the installation of Windows 10, click on the advanced custom Option and use the command load driver to load the driver for the SCSI drive. If this does not work and the installer still fails, consider switching to an IDE based hard drive.
- Do a clean boot, and then try again.
- If you upgrade to the. ISO file, disconnect from the Internet during the installation, if you are connected in LAN (Ethernet) or wireless, disable both and try the installation again.
- If you update via Windows Update, when download reaches 100%, disconnect the Internet LAN (Ethernet) or wireless, and proceed with the installation.
- If this does not work, try using the. ISO file to upgrade if possible.
- If you are connected to a domain, go to a local account
- If you have an external equipment, attached to the machine, unplug them (example, game controllers, USB sticks, external hard drive, printers, peripherals not essential).

BB10 network plugin fails on the second call

Hi all

I created a plugin(native extension) network that works very well when you call the first javascript application.

The entrance to this extension is: {'url' ": '"http://example.com ', imeOut: '4'}

When I try to call this plugin the next time, he demonstrated "operation cancelled" due to the delay. If I delete the time-out period of extension, not getting not response in onRequestFinished and it returns nothing for javascript application.

Please, help me find an error code below.

It is very urgent.

Thanks in advance.

template_js.hpp

#ifndef TemplateJS_HPP_
#define TemplateJS_HPP_

#include 
#include "../public/plugin.h"
#include "template_ndk.hpp"

class TemplateJS: public JSExt {

public:
    explicit TemplateJS(const std::string& id);
    virtual ~TemplateJS();
    virtual bool CanDelete();
    virtual std::string InvokeMethod(const std::string& command);
    void NotifyEvent(const std::string& event);
    bool StartThread();
    std::string params;

private:
    std::string m_id;

};

#endif /* TemplateJS_HPP_ */

template_js.cpp

#include #include "../public/tokenizer.h"#include #include "template_js.hpp"#include "template_ndk.hpp"

using namespace std;

/** * Default constructor. */TemplateJS::TemplateJS(const std::string& id) : m_id(id) {

}

/** * TemplateJS destructor. */TemplateJS::~TemplateJS() {

}

/** * This method returns the list of objects implemented by this native * extension. */char* onGetObjList() { static char name[] = "TemplateJS"; return name;}

/** * This method is used by JNext to instantiate the TemplateJS object when * an object is created on the JavaScript server side. */JSExt* onCreateObject(const string& className, const string& id) { if (className == "TemplateJS") { return new TemplateJS(id); }

 return NULL;}

/** * Method used by JNext to determine if the object can be deleted. */bool TemplateJS::CanDelete() { return true;}

/** * It will be called from JNext JavaScript side with passed string. * This method implements the interface for the JavaScript to native binding * for invoking native code. This method is triggered when JNext.invoke is * called on the JavaScript side with this native objects id. */string TemplateJS::InvokeMethod(const string& command) { // command appears with parameters following after a space int index = command.find_first_of(" "); std::string strCommand = command.substr(0, index); std::string arg = command.substr(index + 1, command.length()); params = arg; if (strCommand == "doNSIRequest") { StartThread(); strCommand.append(";"); strCommand.append(command); return strCommand; }

 return "Unknown C++ method";}

void* SignalThread(void* parent) { TemplateJS *pParent = static_cast(parent);

 int argc = 0; char **argv = NULL; QCoreApplication QCoreApplication(argc, argv); webworks::TemplateNDK *m_signalHandler = new webworks::TemplateNDK(pParent); m_signalHandler->doNetworkRequest();

 QCoreApplication::exec(); delete m_signalHandler; return NULL;}

bool TemplateJS::StartThread(){

 pthread_attr_t thread_attr; pthread_attr_init(&thread_attr); pthread_attr_setdetachstate(&thread_attr, PTHREAD_CREATE_DETACHED);

 pthread_t m_thread; pthread_create(&m_thread, &thread_attr, SignalThread, static_cast(this)); pthread_attr_destroy(&thread_attr); if (!m_thread) { return true; } else { return false; }}

// Notifies JavaScript of an eventvoid TemplateJS::NotifyEvent(const std::string& event) { std::string eventString = m_id + " "; eventString.append(event); SendPluginEvent(eventString.c_str(), m_pContext);}

template_ndk.hpp



#ifndef TEMPLATENDK_HPP_#define TEMPLATENDK_HPP_

#include #include #include #include #include 

using namespace bb::device;

class TemplateJS;

namespace webworks {

class TemplateNDK : public QObject {

 Q_OBJECT

public: explicit TemplateNDK(TemplateJS *parent = NULL); virtual ~TemplateNDK(); void doNetworkRequest();

public Q_SLOTS: void onRequestFinished(QNetworkReply *reply); void connectionStateChanged (bb::device::CellularConnectionState::Type connectionState); void onNetworkTimeOut();

private: void doNSIRequest(); void disconnectService(); void parseXml(const QByteArray buffer, int httpCode, QString status, QString errorInfo); void parseJsonParams();

private: TemplateJS *m_pParent; QNetworkAccessManager *_networkAccessManager; CellularDataInterface *_cellularDataInterface; int networkTimeout; std::string url;};

} // namespace webworks

#endif /* TEMPLATENDK_H_ */

template_ndk.cpp

#include #include #include #include #include #include #include #include "template_ndk.hpp"#include "template_js.hpp"

namespace webworks {

TemplateNDK::TemplateNDK(TemplateJS *parent) {

 m_pParent = parent; _networkAccessManager = 0; _cellularDataInterface = 0; networkTimeout = 0; url = "";

}

TemplateNDK::~TemplateNDK() {

 if (_networkAccessManager){ delete _networkAccessManager; _networkAccessManager = 0; } if (_cellularDataInterface) { if (_cellularDataInterface->connectionState() == CellularConnectionState::Connected) { disconnectService(); } delete _cellularDataInterface; _cellularDataInterface = 0; } if(m_pParent){ delete m_pParent; m_pParent = 0; }}

void TemplateNDK::doNetworkRequest(){ _networkAccessManager = new QNetworkAccessManager(); _cellularDataInterface = new CellularDataInterface(); connect( _networkAccessManager, SIGNAL(finished(QNetworkReply*)), this, SLOT(onRequestFinished(QNetworkReply*)));

 connect(_cellularDataInterface, SIGNAL(connectionStateChanged(bb::device::CellularConnectionState::Type)), this, SLOT(connectionStateChanged(bb::device::CellularConnectionState::Type)));

 parseJsonParams();

 doNSIRequest();}

void TemplateNDK::parseJsonParams() { std::string networkParams = m_pParent->params;

 // Parse the arg string as JSON Json::FastWriter writer; Json::Reader reader; Json::Value root; bool parse = reader.parse(networkParams, root);

 if (!parse) {

 QByteArray buffer(NULL); parseXml(buffer, 1, "fail", "Cannot parse input JSON object");

 } else {

 url = root["url"].asString(); int timeout = root["timeOutValue"].asInt(); networkTimeout = timeout * 1000; //converting into milliseconds

 }}

/** * Set name for mobile data and attempt to activate the network connection if name is valid */

void TemplateNDK::doNSIRequest() { _cellularDataInterface->setName("blackberry"); if (_cellularDataInterface->isValid()) { QString networkInterfaceName =_cellularDataInterface->networkInterfaceName();

 if (!networkInterfaceName.isEmpty()) { _cellularDataInterface->requestConnect(); } else { QByteArray buffer(NULL); QString strError = "Mobile data off"; parseXml(buffer, 1, "fail", strError); }

 } else { QByteArray buffer(NULL); QString strError = ""; if (_cellularDataInterface->networkInterfaceName() == ""){ strError = "No Sim Available"; }else{ strError = "Invalid cellular data services"; }

 parseXml(buffer, 1, "fail", strError); }}

/** * Attempt to de-activate the network connection */

void TemplateNDK::disconnectService(){ _cellularDataInterface->requestDisconnect(); unsetenv("SOCK_SO_BINDTODEVICE");}

/** * Slot getting called after successful connection to Mobile data. * If connected then send server request else handling error */

void TemplateNDK::connectionStateChanged (bb::device::CellularConnectionState::Type connectionState){ QString strError = ""; if (connectionState == CellularConnectionState::Connected) {

 int EOK = 0; if (setenv("SOCK_SO_BINDTODEVICE", _cellularDataInterface->networkInterfaceName().toAscii().constData(), 1) == EOK) { QNetworkRequest request = QNetworkRequest(); QString inputUrl = QString::fromUtf8(url.c_str()); request.setUrl(QUrl(inputUrl)); QNetworkReply* response = _networkAccessManager->get(request);

 QTimer *timer = new QTimer(response); timer->setSingleShot(true); connect(timer, SIGNAL(timeout()), this, SLOT(onNetworkTimeOut())); timer->start(networkTimeout);

 } else { strError = "Not connected to 2g/3g connection! Please try again"; }

 } else if (connectionState == CellularConnectionState::PendingConnect) { strError = "Pending Connect! Please try again";

 } else if (connectionState == CellularConnectionState::Disconnected) { strError = "Disconnected! Please try again"; unsetenv("SOCK_SO_BINDTODEVICE");

 } else { strError = "Not Connected! Please try again"; } if (!strError.isEmpty()){ QByteArray buffer(NULL); parseXml(buffer, 2, "fail", strError); }

}

void TemplateNDK::onNetworkTimeOut() { QTimer *timer = qobject_cast(sender()); QNetworkReply *response = qobject_cast(timer->parent()); response->abort();}

/** * Handling response coming from server */void TemplateNDK::onRequestFinished(QNetworkReply *reply){ int httpStatusCode = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt(); httpStatusCode = reply->error(); QString status = ""; QByteArray buffer(NULL); QString strErrorInfo = ""; if (reply->error() == QNetworkReply::NoError) {

 const int available = reply->bytesAvailable(); if (available > 0) { status = "success"; buffer = reply->readAll();

 }else{ status = "fail"; httpStatusCode = 2; strErrorInfo = "Response is null"; }

 } else {

 strErrorInfo = reply->errorString(); if (strErrorInfo.contains("\"\"")) { //case like: Protocol "" is unknown strErrorInfo = strErrorInfo.remove("\"\""); } status = "fail";

 } parseXml(buffer, httpStatusCode, status, strErrorInfo); reply->deleteLater();}

/** * parses xml coming from server as response, Create JSON object and calling notify */void TemplateNDK::parseXml(const QByteArray buffer, int httpCode, QString status, QString errorInfo) { QXmlStreamReader xml; std::string event = "NSI_requestCallbackResult";

 // Parse the arg string as JSON Json::FastWriter writer; Json::Reader reader; Json::Value root;

 root["language"] = ""; root["subId2"] = ""; root["accountSubType"] = ""; root["status"] = status.toLocal8Bit().constData(); root["httpCode"] = httpCode; root["errorInfo"] = errorInfo.toLocal8Bit().constData();

 try{ if (!buffer.isNull()) { xml.addData(buffer);

 while (!xml.atEnd()) { xml.readNext();

 if (xml.isStartElement()) { if (xml.name() == "eamLanguage") { root["language"] = xml.readElementText().toLocal8Bit().constData();

 } if (xml.name() == "subId2") { root["subId2"] = xml.readElementText().toLocal8Bit().constData(); } if (xml.name() == "accountSubType") { root["accountSubType"] = xml.readElementText().toLocal8Bit().constData(); } }

 } } }catch (...) { QString status = "fail"; int httpCode = 2; QString strBuffer(buffer); QString errorInfo = "Exception:FormatException Function:parseXml ServerResponse: " + strBuffer;

 root["status"] = status.toLocal8Bit().constData(); root["httpCode"] = httpCode; root["errorInfo"] = errorInfo.toLocal8Bit().constData(); }

 m_pParent->NotifyEvent(event + " " + writer.write(root));

}

} /* namespace webworks */

Finally I found the solution of the present.

Question is due to every javascript function call new pthread is be created every time and existing thread is never destroyed. However, I assumed that this local variable of pthread_t destroyed but it is not run like that. If trying to kill thread existing manually using pthread_cancel(), application crashes. Application of network function is called in this thread and QNetworkAccessManager slot is never get called except for the first time.

To solve it, I used a public global variable that allow to create the thread only once and give the signal for the following applications when native code receives a StartThread function call. For signalling, used pthread mutex lock and characteristic signal.

Here is the code for the function StartThread:

bool TemplateJS::StartThread()
{

    parseJsonParams();

    if (!g1.g_isSignalThreadCreated) {
        g1.g_isSignalThreadCreated = true;

        pthread_attr_t thread_attr;
        pthread_attr_init(&thread_attr);
        pthread_attr_setdetachstate(&thread_attr, PTHREAD_CREATE_DETACHED);
        pthread_t m_thread;
        pthread_create(&m_thread, &thread_attr, SignalThread, static_cast(this));
        pthread_attr_destroy(&thread_attr);

    } else {
        pthread_mutex_lock(&mutex);
        pthread_cond_signal(&cond);
        pthread_mutex_unlock(&mutex);

    }
    return true;
}

And here's the code must call after event notification.

void TemplateNDK::Workerthread_waitForNextTime()
    {
        pthread_mutex_lock(&mutex);
        pthread_cond_wait(&cond, &mutex);
        pthread_mutex_unlock(&mutex);

        //keeps waiting here until get Signal from StartThread.
        doNetworkRequest();
    }

Non-visible LUNs to the second esx Server

Hi, I have two HP G4p esx 3.5 servers attached to an MSA1000 with a hub via the emulex fibre FCs I had created two LUNS on the MSA with the ACU. One esx server sees the two LUNS created but the other cannot see the LUNS even after doing a rescan. Sometimes when making him analyze again the VI is suspended. I have obsereved both esx servers to see two different WWPN pointing to two different targets. I want both esx servers to see the same LUNS shared so I could run somewhat your since I'm new to vmware technology. I enclose a snapshot that I think could someone out there with the possible workaround to the issue.
Thank you

I agree with other posters - make sure your zoning is correct on the FC switch and also ensure that you have checked boxes correct and applied, in the selective presentation of storage (SSP) within the ACU. If this is all OK, a new scan of the storage should display the logical unit number.

You're talking about the different WWPN is the Emulex HBA on their respective hosts.

Post edited by: java_cat33 - Note about WWPN

Links to the site fail on the local test server

Using CS4/WAMP/XP, I have a test set up server. Everything works fine except that when I specify links to the site, on the testing server they not go back to localhost, localhost/Frances. They work very well on the online site, but not on my test server.
This prevents me from using (and stable) "include" files for things like menus when parts of the site are in different folders.
I have my setup of site as follows:
Local news
Name of the site 'FFG2009 '.
Local root folder C:\wamp\www\Frances\
By default the folder images C:\wamp\www\Frances\images\
HTTP address: http://localhost/Frances/
Test server
Server model: PHP/MySQL
Access: Local/network
File of the test server: C:\wamp\www\Frances testing\
URL prefix: http://localhost/Frances/
In my Apache configuration file, I have a virtual directory that is set up like this
Alias /Frances/ "c:/wamp/www/Frances / '.
< directory "c:/wamp/www/Frances /" > ".
all options + includes
AllowOverride all
Order allow, deny
Allow from 127.0.0.1
< / Book >
I was informed that I could temporarily change the folder of Apache webroot on my record "Frances", but this stops other things like PHPMyAdmin to work. I also have other sites in my www directory and I don't want to change the rootweb Apache Directory each time I need to work on another site.
Is it possible to set up my site in CS4 so that the root links site go to localhost/Frances rather than just localhost?
Thank you
Tone'z

It's something I've had to do for some while now. Alias simply create shortcuts to a directory, they do not have their own directories 'Document Root'. I'm pretty sure you need to do is to set up a virtual host using WAMP (in fact, Apache, any installer is used). I'm almost certain that one of the books of David Powers cover the subject, but the one I apparently was already packed (moving soon).

I followed the steps of http://blog.jlbn.net/?p=23 and it was quick and much easier than I expected. He missed for subdomains, but I found the solution quickly to the http://www.sitepoint.com/forums/showthread.php?t=394472 (I don't know why I didn't get it virtual host, but Google has gotten in the way :-))

So now I have http://localhost , http://test.localhost and a true domain that I own (it's not hosted online) all running on my local computer.

In your case, you might want to implement the subdomain http://frances.localhost so as not to cause interference with the actual domain name. Or make sure you have the server offline. If you don't know how to do this in the file httpd.conf, then in WAMP, it's two mouse clicks: WAMP-> put in offline mode. It is a good idea in any case

Thank you for pushing me to learn how. It was high time that I updated in any case my installed WAMP.

HTH

--
Mark A. Boyd
Keep-on-Learnine :-)
This message was processed and published by Jive.
It will not be considered an accurate representation of my words.

Vista install fails on the second stage. "Install.wim is missing or damaged.

I am trying to reinstall Vista Ultimate on a computer, E-Machines, and it gives me the message "Install.wim is missing or damaged. I have no idea why this is happening. I used my cell phone to check the disk for the file, and it is there and seems to be ok. Any ideas? Note: The disc seemed scratched, so I used a disc repair system that actually works, but who have done nothing. I want to reinstall because of the problem of the BSOD I have. Every day there are at least a Blue Screen of Death.

If it is scratched, replace:

http://support.Microsoft.com/default.aspx/KB/326246

'How to replace Microsoft software or hardware, order service packs and upgrades, and replace product manuals'

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Or borrow a good Microsoft Vista DVD (not Dell, HP, etc).
A good Vista DVD contains all versions of Vista.
The product key determines which version of Vista is installed.

There are 2 disks of Vista: one for 32-bit operating system, and one for 64-bit operating system.

If install a cleaning is required with a good DVD of Vista (not HP, Dell recovery disks):

Go to your Bios/Setup, or the Boot Menu at startup and change the Boot order to make the DVD/CD drive 1st in the boot order, then reboot with the disk in the drive.

At the startup/power on you should see at the bottom of the screen either F2 or DELETE, go to Setup/Bios or F12 for the Boot Menu

http://support.Microsoft.com/default.aspx/KB/918884

MS advice on the conduct of clean install.

http://www.theeldergeekvista.com/vista_clean_installation.htm

A tutorial on the use of a clean install

http://www.winsupersite.com/showcase/winvista_install_03.asp

Super Guide Windows Vista Installation

After installation > go to the website of the manufacturer of your computer/notebook > drivers and downloads Section > key in your model number > get latest Vista drivers for it > download/install them.

Save all data, because it will be lost during a clean installation.

See you soon.

Mick Murphy - Microsoft partner

AAA / adding additional ACS server

Hello guys,.

You need to install AAA proposed plan as attaché. We used the current configuration for a very long time for our facilities and data centre devices. Now we want to add a more updated ACS apart from the existing two and need to point out all the data center on the new ACS server devices.

Is it possible to set up groups of many materials and separate ACS server for defined groups? If possible please let me know the commands, and if not, please let me know the two ways.

Hope you could understand my needs and the current configuration. PFA...

Thanks in advance!

Best regards

Anurag.K

Hi Anurag,

You can add the new ACS/Ganymede server and have this server in the upper part of the sequence.

10.16.2.10 RADIUS server host

10.16.2.8 RADIUS server host

10.16.2.9 RADIUS server host

GANYMEDE server key xxxxx

If you really want to create a separate group for the new ACS/Ganymede server then you must have under configuration shown.

AAA server Ganymede group + Group1

Server 10.16.2.8

Server 10.16.2.9

AAA server Ganymede group + group2

Server 10.16.2.10

AAA authentication login default group GROUP1 GROUP2 line

I want to knoiw if you have doubts.

~ BR
Jatin kone

* Does the rate of useful messages *.

Grid Infra configuration failed when running root.sh on the second node

Hello world.
I am new guy on RAC environment. When you try to install Oracle RAC on the local environment, I had this problem:
-J' have run root.sh successfully on a local first node
-After that, the first node, there are 3 cards of virtual network created to SCAN listening addresses
-After the success of action on the first node, I tried to run this script on the second node, but the error occurred:
```
CRS-2676: Start of 'ora.DATA.dg' on 'dbnode2' succeeded
PRCR-1079 : Failed to start resource ora.scan1.vip
CRS-5017: The resource action "ora.scan1.vip start" encountered the following error:
CRS-5005: IP Address: 192.168.50.124 is already in use in the network
. For details refer to "(:CLSN00107:)" in "/u01/app/11.2.0/grid/log/dbnode2/agent/crsd/orarootagent_root/orarootagent_root.log".

CRS-2674: Start of 'ora.scan1.vip' on 'dbnode2' failed
CRS-2632: There are no more servers to try to place resource 'ora.scan1.vip' on that would satisfy its placement policy
PRCR-1079 : Failed to start resource ora.scan2.vip
CRS-5017: The resource action "ora.scan2.vip start" encountered the following error:
CRS-5005: IP Address: 192.168.50.122 is already in use in the network
. For details refer to "(:CLSN00107:)" in "/u01/app/11.2.0/grid/log/dbnode2/agent/crsd/orarootagent_root/orarootagent_root.log".

CRS-2674: Start of 'ora.scan2.vip' on 'dbnode2' failed
CRS-2632: There are no more servers to try to place resource 'ora.scan2.vip' on that would satisfy its placement policy
PRCR-1079 : Failed to start resource ora.scan3.vip
CRS-5017: The resource action "ora.scan3.vip start" encountered the following error:
CRS-5005: IP Address: 192.168.50.123 is already in use in the network
. For details refer to "(:CLSN00107:)" in "/u01/app/11.2.0/grid/log/dbnode2/agent/crsd/orarootagent_root/orarootagent_root.log".

CRS-2674: Start of 'ora.scan3.vip' on 'dbnode2' failed
CRS-2632: There are no more servers to try to place resource 'ora.scan3.vip' on that would satisfy its placement policy

start scan ... failed
FirstNode configuration failed at /u01/app/11.2.0/grid/crs/install/crsconfig_lib.pm line 9379.
/u01/app/11.2.0/grid/perl/bin/perl -I/u01/app/11.2.0/grid/perl/lib -I/u01/app/11.2.0/grid/crs/install /u01/app/11.2.0/grid/crs/install/rootcrs.pl execution failed
```
I tried again with several times (with left-hand) but the problem was still there. Can you explain to me?
-Why, after running root.sh on the first node, all IP SCANNER interfaces was created on this node? This is the reason why root.sh fails on the second node.
-How to solve?
I use the server for address scan local DNS resolves to 3 IPs, and I can run script runcluvfy.sh with success on both nodes.
I thank in advance

PS:

I use two virtual machines in vmware. After running root.sh on the first node, I checked and found this funny information:

[oracle@dbnode1 sshsetup] $ / sbin/ifconfig

eth0 Link encap HWaddr 00: 0C: 29:BC:43:1 B

INET addr:192.168.50.66 Bcast:192.168.50.255 mask: 255.255.255.0

ADR inet6: fe80::20c:29ff:febc:431 b / 64 Scope: link

RUNNING BROADCAST MULTICAST MTU:1500 metric: 1

Dropped packets: 249814 RX errors: 0:0 overruns: 0 frame: 0

Dropped packets: 2956882 TX errors: 0:0 overruns: 0 carrier: 0

collisions: 0 txqueuelen:1000

RX bytes: 24913472 (23.7 MiB) TX bytes: 4369984705 (4.0 GiB)

eth0: 1 link encap HWaddr 00: 0C: 29:BC:43:1 B

INET addr:192.168.50.120 Bcast:192.168.50.255 mask: 255.255.255.0

RUNNING BROADCAST MULTICAST MTU:1500 metric: 1

eth0:2 Link encap HWaddr 00: 0C: 29:BC:43:1 B

INET addr:192.168.50.122 Bcast:192.168.50.255 mask: 255.255.255.0

RUNNING BROADCAST MULTICAST MTU:1500 metric: 1

eth0:3 Link encap HWaddr 00: 0C: 29:BC:43:1 B

INET addr:192.168.50.123 Bcast:192.168.50.255 mask: 255.255.255.0

RUNNING BROADCAST MULTICAST MTU:1500 metric: 1

eth0:4 Link encap HWaddr 00: 0C: 29:BC:43:1 B

INET addr:192.168.50.124 Bcast:192.168.50.255 mask: 255.255.255.0

RUNNING BROADCAST MULTICAST MTU:1500 metric: 1

eth1 Link encap HWaddr 00: 0C: 29:BC:43:25

INET addr:192.168.29.10 Bcast:192.168.29.255 mask: 255.255.255.0

ADR inet6: fe80::20c:29ff:febc:4325 / 64 Scope: link

RUNNING BROADCAST MULTICAST MTU:1500 metric: 1

Fall of RX packets: 471 errors: 0:0 overruns: 0 frame: 0

Dropped packets: 664 TX errors: 0:0 overruns: 0 carrier: 0

collisions: 0 txqueuelen:1000

RX bytes: 82216 (80.2 KiB) TX bytes: 107920 (105.3 KiB)

eth1:1 Link encap HWaddr 00: 0C: 29:BC:43:25

INET addr:169.254.75.201 Bcast:169.254.255.255 mask: 255.255.0.0

RUNNING BROADCAST MULTICAST MTU:1500 metric: 1

Lo encap:Local Loopback link

INET addr:127.0.0.1 mask: 255.0.0.0

ADR inet6:: 1/128 Scope: host

RACE of LOOPING 16436 Metric: 1

Fall of RX packets: 10626 errors: 0:0 overruns: 0 frame: 0

Dropped packets: 10626 TX errors: 0:0 overruns: 0 carrier: 0

collisions: 0 txqueuelen:0

RX bytes: 7942626 (7.5 MiB) TX bytes: 7942626 (7.5 MiB)

I think it's because of the failure on node 2

UPDATE:

That thing is normal, I ignored it and the installation can continue normally. Thank you all for your help.

Update settings prevented the second office "an account with that name already exists...". »

My provider has modernized and forces me to change the server settings. I did this successfully on a desktop computer and now I want to do this on the second and the third office where I want my accounts available e-mail.

When I try, I get a window of the wizard account saying "an account with that name already exists. Please enter a different account name. "And I'm prevented from doing the settings made on the second Desktop server.

How do I get around this?

Thank you,
DJBrewster

Open the configuration editor and search for entries with this name

There should be two entries with mail.server.serverXX.name (where XX is a number.) change on them and try and change the setting again.

Batch IP customization - strange behavior on the second dns property

We are ceating a csv file to import the IP address changes on the recovering site to apply to the recovered virtual machines using the Dr.-ip-customizer utility. The documentation contains obvious on the page 55/56 table 5.1 errors as there is incompatibility with some of the examples, but there is also a "bug" in the creation of customization to help files to create or recreate functions.

Overall, the creation by using the methods described in the administration guide work, with one exception...

When you add the alternative DNS server address by using the examples in the above tables, it is ignored and not added in the customization file at all.

This is the csv file that we use (cut short for clarity)

ID OF THE VIRTUAL COMPUTER

Name of the virtual machine

Card ID

MAC address

DNS domain

NET BIOS

Primary WINS

Secondary WINS

IP address

Subnet mask

Gateway (s)

DNS servers

Suffixes DNS

shadow-vm-1256

Test_1

shadow-vm-1256

10.0.0.51

255.255.255.0

10.0.0.254

10.0.0.2

shadow-vm-1256

10.0.0.20

The foregoing does not add the secondary dns address to the customization file.

BUT, if you add a duplicate bridge, the second DNS server is added to the file as well as the alternative bridge in the customization file.

ID OF THE VIRTUAL COMPUTER

Name of the virtual machine

Card ID

MAC address

DNS domain

NET BIOS

Primary WINS

Secondary WINS

IP address

Subnet mask

Gateway (s)

DNS servers

Suffixes DNS

shadow-vm-1256

Test_1

shadow-vm-1256

10.0.0.51

255.255.255.0

10.0.0.254

10.0.0.2

shadow-vm-1256

10.0.0.254

10.0.0.20

When using the above csv file to create the customization files for the Windows VM (Test_1) and turn the VM of reserved space in the recovery of test environment, in the properties of the network adapter, it is indeed 2 gateways listed, both identical except the metrics (1 and 2 respectively)

This isn't a clean method, but a solution and I don't understand windows services of intellectual property in the position to know what impact in a real environment, this would have.

If anyone has had a similar experience... or do we?

Sincere greetings

MrPix

Try to fill the virtual computer NAME column in the CSV file with the names of the virtual machines as well.

There is a covering memo that says that this is necessary.

local user name and password if the ACS server fails

Hello

I have every router and switch configuration for authentication of the connection via the ACS server. I used these 12 lines below and it works very well. Each engineer has their own account.

AAA new-model
AAA of default login authentication group Ganymede + activate
the AAA authentication enable default group Ganymede + activate
AAA authorization exec default authenticated if
AAA authorization commands 15 default group Ganymede + authenticated if
AAA accounting exec default start-stop Ganymede group.
orders accounting AAA 15 by default start-stop Ganymede group.
Default connection accounting AAA power Ganymede group.
AAA - the id of the joint session

RADIUS-server host x.x.x.x
RADIUS-server application made
radius-server key, regardless of

----------------------------------------------

I would add to this a local username and password so that if the ACS server was offline engineers have yet to connect with a knowledge of username and default password

username privilege 15 secret mypassword MYUSERNAME

line vty 0 4
local connection

Q. How do I make ACS a first preference and connection server only local users username and password if the ACS server is down?

Kind regards

Kevin

Now you have the password to enable as the fall back method:

AAA of default login authentication group Ganymede + activate

Change 'enable' for 'local' and the local (to the router) database of user names and passwords is used.

The same works to activate authentication (the second line "authentication, aaa... ("in the config that you posted).

AAA to circumvent the password to enable on the Cisco ASA

Hi all. I'm having a problem where I get authenticated by the AAA server, but after authentication, that I am placed in user mode. AAA admin (I have no access to the AAA server) told me that he had all the users configured with priv level 15, which will lead them directly in the mode privilege on routers.

My question is how can I configure my Cisco ASA to get around using a password to enable. See below the configuration of my

AAA-server protocol Ganymede MYGROUP +.
Max - a failed attempts 4
AAA-server host 2.2.2.2 MYGROUP (inside)
timeout 3
key *.
Console Telnet AAA authentication LOCAL MYGROUP
Console to enable AAA authentication LOCAL MYGROUP
privilege MYGROUP 15 AAA accounting command

Looks like you want to directly access the exec privileges mode. This feature is not supported by the ASA. This is only possible on IOS devices.

Rgds, jousset

Note the useful questions.

Configuring the ACS server on windows server

Hello

I started to prepare my CCNA security and tried to configure AAA using ACS 4.2 on windows server 2003.

I have configured the router to use the AAA authentication with the laboratory of cbtnuggets from ACS server.

I checked the accessibility of the ACS server to client router and vice versa and also configuration.

The problem is I'm not able to authenticate using ACS server, the router uses local authentication and I have no why the router communicates not eith ACS server.

Help PLZ.

Configuration of my router from AAA.

===============================================

AAA new-model
!
!
AAA authentication login default group Ganymede + local
exact AAA authentication login group Ganymede + local
AAA authorization exec default local

RADIUS-server host 192.168.1.25 single-connection key ciscoacs--> (192.168.1.25 ACS, the key configured on the ACS server server is also ciscoacs)

line vty 0 4
exact connection authentication

================================================

I created a user on ACS server and I believe that when I'm trying to telnet to the router I should use the user name and password configured on the ACS server.

When I try to use, authentication fails, and also if the router accepts locallly configured user details then I think there was no communication between the router and the other GANYMEDE ACS server + will be used for authentication and if no communication between the router and acs server then only it should be the responsibility of local user

Please help me.

reports and activity--> passed authentication

reports and activity--> failed attempts

Rating of useful answers is more useful to say "thank you".

ACS - the clean access server

Hi guys,.

I have a doubt about the own ACS and access server.

The clean access server can do the job of the ACS?

for example, act as a VMPS server, AAA server, or radius server.

Thank you

ACS is entirely different to serve own access. See the below url for more details

http://www.Cisco.com/en/us/products/ps6128/products_qanda_item0900aecd803be813.shtml

Others become the iTunes update server message connection failed?

Others become the iTunes update server message connection failed?

My iPad has the logo of iTunes with the load icon and cannot update or restore on computer at home.

All internet connections are very good.

I'm having the same problem I tried 3 cables of computers 4 and my ipad won't restore or update.

Enable AAA fails on the second ACS server

Similar Questions

Maybe you are looking for